Debian Bug report logs -
#447344
CVE-2007-5200 insecure tmp file handling
Reported by: Nico Golde <nion@debian.org>
Date: Sat, 20 Oct 2007 10:18:01 UTC
Severity: important
Tags: patch, security
Found in version hugin/0.6.1-1
Fixed in version hugin/0.6.1-1.1
Done: "Adam Buchbinder" <adam.buchbinder@gmail.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Florent Bayle <fbayle@bigfoot.com>
:
Bug#447344
; Package hugin
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
New Bug report received and forwarded. Copy sent to Florent Bayle <fbayle@bigfoot.com>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: hugin
Version: 0.6.1-1
Severity: important
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for hugin.
CVE-2007-5200[0]:
| hugin in SUSE openSUSE 10.2 and 10.3 allows local users to overwrite
| arbitrary files via a symlink attack on a temporary file.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
What SuSE did is just to delete the debug output to the tmp
file:
--- src/Panorama/PTOptimise.cpp
+++ src/Panorama/PTOptimise.cpp
@@ -36,9 +36,6 @@
#include <boost/property_map.hpp>
#include <boost/graph/graph_utility.hpp>
-#define DEBUG_WRITE_OPTIM_OUTPUT
-#define DEBUG_WRITE_OPTIM_OUTPUT_FILE "hugin_debug_optim_results.txt"
-
using namespace std;
using namespace PT;
using namespace PTools;
@@ -132,13 +129,6 @@
RunLMOptimizer( &opt );
ainf.data = opt.message;
// get results from align info.
-#ifdef DEBUG_WRITE_OPTIM_OUTPUT
- fullPath path;
- StringtoFullPath(&path, DEBUG_WRITE_OPTIM_OUTPUT_FILE );
-
- ainf.data = opt.message;
- WriteResults( script, &path, &ainf, distSquared, 0);
-#endif
pano.updateVariables(GetAlignInfoVariables(ainf) );
pano.updateCtrlPointErrors( GetAlignInfoCtrlPoints(ainf) );
}
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5200
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Florent Bayle <fbayle@bigfoot.com>
:
Bug#447344
; Package hugin
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
Extra info received and forwarded to list. Copy sent to Florent Bayle <fbayle@bigfoot.com>
.
(full text, mbox, link).
Message #10 received at 447344@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
I intent do NMU this package to fix the vulnerability.
Attached is a patch for an NMU.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/hugin-0.6.1-1_0.6.1-1.1.patch
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[hugin-0.6.1-1_0.6.1-1.1.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Florent Bayle <fbayle@bigfoot.com>
:
Bug#447344
; Package hugin
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
Extra info received and forwarded to list. Copy sent to Florent Bayle <fbayle@bigfoot.com>
.
(full text, mbox, link).
Message #15 received at 447344@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
uploading an NMU now with permission of the maintainer.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Florent Bayle <fbayle@bigfoot.com>
:
Bug#447344
; Package hugin
.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>
:
Extra info received and forwarded to list. Copy sent to Florent Bayle <fbayle@bigfoot.com>
.
(full text, mbox, link).
Message #20 received at 447344@bugs.debian.org (full text, mbox, reply):
# Automatically generated email from bts, devscripts version 2.10.9
# due to a typo in changelog this was not closed but it is fixed in 0.6.1-1.1
fixed 447344 0.6.1-1.1
Bug marked as fixed in version 0.6.1-1.1.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org
.
(Fri, 26 Oct 2007 18:00:04 GMT) (full text, mbox, link).
Reply sent to "Adam Buchbinder" <adam.buchbinder@gmail.com>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #27 received at 447344-done@bugs.debian.org (full text, mbox, reply):
Per Nico Golde's comment, this bug should have been closed when the
fixed version was released. Explicitly closing now.
Adam Buchbinder
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sat, 12 Apr 2008 07:31:47 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:33:20 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.